Skip to content

fix(s2n-quic-qns): use forked version of webpki #1837

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
WesleyRosenblum merged 2 commits into from
Jun 23, 2023
Merged

fix(s2n-quic-qns): use forked version of webpki #1837

WesleyRosenblum merged 2 commits into from
Jun 23, 2023

Conversation

@WesleyRosenblum
Copy link
Contributor

@WesleyRosenblum WesleyRosenblum commented Jun 23, 2023
edited
Loading

Description of changes:

s2n-quic-rustls is failing the anti amplification limit interop test because of a hard coded cert chain depth limit in the webpki crate that rustls uses, see #1836.

This change introduces a patch to the top level Cargo.toml that is applied as part of running interop that will swap out the version of webpki for a forked version that increases the cert chain depth limit.

Testing:

Tested locally and in CI. s2n-quic-rustls amplification limit test passes now: https://dnglbrstg7yg.cloudfront.net/bd8f2ce325ade00fee3d6cb77aefe58483081155/interop/index.html?client=s2n-quic-pr1837,s2n-quic-rustls&server=s2n-quic,s2n-quic-pr1837,s2n-quic-rustls&test=a

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@WesleyRosenblum WesleyRosenblum mentioned this pull request Jun 23, 2023
Closed
@WesleyRosenblum WesleyRosenblum marked this pull request as ready for review June 23, 2023 16:54
camshaft
camshaft approved these changes Jun 23, 2023
View reviewed changes
Copy link
Contributor

@camshaft camshaft left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems reasonable to be, though it might be worth starting on the PR to webpki concurrently to upgrading to the latest rustls.

@WesleyRosenblum WesleyRosenblum merged commit c75a20a into main Jun 23, 2023
@WesleyRosenblum WesleyRosenblum deleted the WesleyRosenblum/patchwebpki branch June 23, 2023 17:42
@WesleyRosenblum WesleyRosenblum mentioned this pull request Aug 23, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@camshaft camshaft camshaft approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@WesleyRosenblum @camshaft